Many online services allow users to authenticate with a username and password. Examples include banking services, online news companies, email services, instant messaging services, and social networking services, among many others. Users generally choose passwords that they can easily remember. Oftentimes, a password chosen by a user is made up of a single, commonly used word or a combination of words. Such passwords can be categorized as “weak”, because a malicious hacker may undertake a dictionary attack and learn the password of the user. A dictionary attack is an attempt to learn a password by trying words or combinations of words that are found in a dictionary. Some security mechanisms are currently utilized to prevent online dictionary attacks, such as limiting the number of login attempts over a particular amount of time with respect to a certain username. There is, however, currently no conventional mechanism for preventing offline attacks, wherein an online service provider or a third-party attacker can attempt to execute a dictionary attack with respect to a password of a user when the user is not attempting to log into the online service.
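The per-username login-attempt limit mentioned above, sketched as an added example that is not part of the original text: a sliding-window counter of failed logins. The class and function names, the thresholds and the `verify` callback are assumptions made for illustration.

```python
import time
from collections import defaultdict, deque


class LoginThrottle:
    """Sliding-window limit on failed logins per username (illustrative)."""

    def __init__(self, max_failures=5, window_seconds=300, clock=time.monotonic):
        self.max_failures = max_failures
        self.window = window_seconds
        self.clock = clock  # injectable so the window can be exercised in tests
        self._failures = defaultdict(deque)  # username -> failure timestamps

    def _prune(self, key):
        # Discard failures that have aged out of the window.
        q = self._failures[key]
        cutoff = self.clock() - self.window
        while q and q[0] <= cutoff:
            q.popleft()
        return q

    def allowed(self, username):
        """True if another attempt for this username may be evaluated."""
        # Lower-casing makes case variants of a name share one counter.
        return len(self._prune(username.lower())) < self.max_failures

    def record(self, username, success):
        key = username.lower()
        if success:
            self._failures.pop(key, None)  # a good login resets the counter
        else:
            self._prune(key).append(self.clock())


def guesses_evaluated(throttle, username, verify, wordlist):
    """Count how many candidate words the service checks before it stops.

    `verify` is a hypothetical callback standing in for the service's
    password check; `wordlist` is a constructed list of candidate words.
    """
    checked = 0
    for guess in wordlist:
        if not throttle.allowed(username):
            break  # limit reached: the service refuses to evaluate more
        checked += 1
        ok = verify(guess)
        throttle.record(username, ok)
        if ok:
            break
    return checked
```

A limit of this kind only governs guesses submitted through the service's login path, which is why the offline case described in the paragraph falls outside it.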
Additionally, individuals tend to have many accounts with different online services. Oftentimes, users will utilize the same password across many of these accounts. Thus, if a password for a first account (such as a newspaper account) is determined by a malicious hacker, that hacker may attempt to log into an online service pertaining to a banking account of the user by using the same password. In an example attack, a malicious hacker may set up an online service that is configured to receive a username and password of a particular user. Once the online service receives the password, the malicious hacker can utilize it to log into other online services of the user.
One manner of protecting passwords or mitigating dictionary attacks is for a user to employ “strong” passwords, which are relatively long mixtures of numbers, letters and symbols. Furthermore, ideally, a user should utilize a different password for each service, such that if one password is compromised, the user's accounts with other online services are not compromised. In actuality, however, users do not choose strong passwords, and users do not utilize a variety of passwords across accounts. This is because users feel that they are unable to remember strong passwords, much less numerous strong passwords for different accounts.